Hello,
I have seen similar questions with no answers, so sorry for the repost.
I am trying to find a way to either blacklist or whitelist certain attachment types, as it seems right now any file type can be attached to a ticket including files like .js and .bat
I think we will only ever need .pdf .jpeg .png and maybe some spreadsheet type files … I don’t want potentially malicious files being emailed into the system by a compromised account…
Anybody know of a way to limit the attachment type?
Thank you!
You could write a custom scrip using the “On transaction” condition that has an action that checks the MIME content type of the attachments in the transaction and then deletes any that don’t match your allowed white list?
Something like this for the custom action commit code (with a custom action preparation code that just does a return 1;):
my @allowedTypes = ('text/plain', 'text/html', 'application/pdf', 'image/gif', 'image/jpeg');
my $transObj = $self->TransactionObj;
my $attachments = $transObj->Attachments;
while(my $thisAttachment = $attachments->Next) {
my $contentType = $thisAttachment->ContentType;
next if(!$contentType);
my $ok = 0;
foreach my $testType (@allowedTypes) {
warn "Checking $contentType against $testType\n";
if($testType eq $contentType) {
$ok = 1;
last;
}
}
if(!$ok) {
warn "Deleting attachment ID ".$thisAttachment->id." with content type $contentType\n";
$thisAttachment->Delete;
}
}
return 1;
This works off the MIME content-types, but you could also check filenames, sizes, etc, etc in a similar way.
1 Like